Hi Mary, thanks for the patchset.

At the most basic level, it looks like the new Logical_Router_Policy table is nearly the same as the current ACL table. The differences are:

* ACL has a "direction" column
* ACL has a "log" column
* ACL has an "allow-related" action
* Logical_Router_Policy has a "name" column
* Logical_Router_Policy has a "nexthop" column
* Logical_Router_Policy has a "reroute" action

Seeing this makes me wonder why the approach was to create a new table instead of making modifications to the ACL table. Can you share the thought process that led to creating a new table? My thoughts on the matter are that ACLs are well established in OVN and reusing them offers some nice benefits.

Seeing the differences also makes me wonder why logical router policies only apply to ingress traffic. Is there a reason why we can't specify a direction like we do with logical switch ACLs?

And finally, the logging in ACLs is a nice feature and should also be in router policies.

On 10/22/2018 06:24 PM, Mary Manohar wrote:
This patch series implements policy-based routing.
Policy-based routing (PBR) provides a mechanism to configure permit/deny and 
reroute policies on the router.
Permit/deny policies are similar to OVN ACLs, but exist on the logical-router.
Reroute policies are needed for service-insertion and service-chaining.
Currently, we support only stateless policies.

To achieve this, we introduced a new table in the ingress pipeline of the 
Logical-router.
The new table is between the ‘IP Routing’ and the ‘ARP/ND resolution’ table.
This way, PBR can override routing decisions and provide a different next-hop.

Mary Manohar (3):
   [1/3]: Routing policies, add config in schema
   [2/3] Routing policies, add routing-policies in ovn-nbctl
   [3/3]: Routing policies, ovn-northd changes to handle routing policy
     commands.

  ovn/northd/ovn-northd.c   | 144 ++++++++++++++++++++++++++++++++--
  ovn/ovn-nb.ovsschema      |  20 ++++-
  ovn/ovn-nb.xml            |  63 +++++++++++++++
  ovn/utilities/ovn-nbctl.c | 196 ++++++++++++++++++++++++++++++++++++++++++++++
  tests/ovn-nbctl.at        |  47 +++++++++++
  5 files changed, 463 insertions(+), 7 deletions(-)


_______________________________________________
dev mailing list
[email protected]
https://mail.openvswitch.org/mailman/listinfo/ovs-dev